March 11, 2016 By Kevin Beaver

Now that we’re in 2016, more than two decades after the advent of the Internet as we know it, we have a general idea of the best industry practices for security. There are known threats, means for assessing risks, proven technical controls and sound methodologies for managing it all.

Given the latest news and trends coming out of this year’s 25th annual RSA Conference, what security issues should you be concerned with in the enterprise this year?

Concerns Arise at the Conference

One of the greatest areas of concern is not knowing what you don’t know. Security intelligence and analytics was a major theme of the RSA Conference this year and for good reason. So many people in charge of security know what needs to be done: Gather good information so that actionable security decisions can be made and risks can be reduced.

The real challenge is all the information that’s available on any given network; it’s overwhelming. From server logs and mobile usage to all the information that’s leaking out to the cloud and vendors you transact with on a daily basis, how do IT and security professionals keep up?

The answer lies in knowing what you need and then relying on good tools and people to sift through the noise so risks can be properly analyzed. Rather than merely doing what’s assumed to be the best practice or whatever an outside party wants you to do, you have to think about the best approach for your business based on your unique requirements.

Another considerable area of concern and a core focus of RSA USA 2016 is the Internet of Things (IoT). These connected things are everywhere. They’re either on your network right now or they’re impacting your sensitive business information and assets in some tangential way through remote users, business partners or your own customers.

What are you doing about it? How does IoT affect your existing security program? What other security standards, policies and controls need to be put in place to keep things in check? Make IoT part of your security discussion starting now before you’re forced to.

RSA Focuses on Encryption

Finally, a key risk and topic of discussion at the RSA Conference this year was encryption. Keynote presenter Brad Smith, Microsoft’s president and chief legal officer, said, “The path to hell starts at the back door. We need to ensure that encryption technology stays strong.” You need to step back and assess how your critical assets (e.g., information and systems) fit into this discussion.

Storage security is part of this; so is information in transit. Everything your business depends on, especially its intellectual property, is hanging in the balance.

Information protection is not the sole responsibility of the government. But it will be if IT and security professionals, along with their business executives and legal counsel, don’t stand up and make their voices heard and do what’s right to keep their own systems in check.

The information security essentials we’ve known about for decades haven’t changed. Most organizations still need some serious discipline in order to have a resilient information security program. Business and the technologies we’ve become dependent on have evolved, so we have to be cognizant of how everything fits together.

Whether it’s 2016 or 2026 and beyond, it’s up to all of us to ensure that we’re doing our best to address what’s important and move past what’s not. Otherwise, we’ll continue on in the same old rut.
